User: starksm
Date: 02/02/05 14:03:27
Modified: src/main/org/jboss/ejb/plugins
StatefulSessionInstanceInterceptor.java
Log:
The security context must be established before the cache
lookup because the SecurityInterceptor is after the instance
interceptor and handles of passivated sessions expect that they are
restored with the correct security context since the handles
not serialize the principal and credential information. See Bug #511280
Revision Changes Path
1.27 +22 -12
jboss/src/main/org/jboss/ejb/plugins/StatefulSessionInstanceInterceptor.java
Index: StatefulSessionInstanceInterceptor.java
===================================================================
RCS file:
/cvsroot/jboss/jboss/src/main/org/jboss/ejb/plugins/StatefulSessionInstanceInterceptor.java,v
retrieving revision 1.26
retrieving revision 1.27
diff -u -r1.26 -r1.27
--- StatefulSessionInstanceInterceptor.java 2002/01/12 21:14:26 1.26
+++ StatefulSessionInstanceInterceptor.java 2002/02/05 22:03:27 1.27
@@ -34,9 +34,10 @@
* This container acquires the given instance.
*
* @author <a href="mailto:[EMAIL PROTECTED]";>Rickard �berg</a>
- * @author <a href="mailto:[EMAIL PROTECTED]";>Marc Fleury</a>
+ * @author <a href="mailto:[EMAIL PROTECTED]";>Marc Fleury</a>
* @author <a href="mailto:[EMAIL PROTECTED]";>Bill Burke</a>
- * @version $Revision: 1.26 $
+ * @author <a href="mailto:[EMAIL PROTECTED]";>Scott Stark</a>
+ * @version $Revision: 1.27 $
*
* <p><b>Revisions:</b>
* <p><b>20010704 marcf</b>
@@ -181,19 +182,28 @@
public Object invoke(Invocation mi)
throws Exception
{
- AbstractInstanceCache cache =
- (AbstractInstanceCache)container.getInstanceCache();
- Object id = mi.getId();
+ InstanceCache cache = container.getInstanceCache();
+ InstancePool pool = container.getInstancePool();
+ Object methodID = mi.getId();
EnterpriseContext ctx = null;
- BeanLock lock = (BeanLock)container.getLockManager().getLock(id);
+ BeanLock lock = (BeanLock)container.getLockManager().getLock(methodID);
try
{
lock.sync(); // synchronized(ctx)
try // lock.sync
{
+ /* The security context must be established before the cache
+ lookup because the SecurityInterceptor is after the instance
+ interceptor and handles of passivated sessions expect that they are
+ restored with the correct security context since the handles
+ not serialize the principal and credential information.
+ */
+ SecurityAssociation.setPrincipal(mi.getPrincipal());
+ SecurityAssociation.setCredential(mi.getCredential());
+
// Get context
- ctx = container.getInstanceCache().get(mi.getId());
+ ctx = cache.get(methodID);
// Associate it with the method invocation
mi.setEnterpriseContext(ctx);
@@ -240,7 +250,7 @@
}
// Set the current security information
- ctx.setPrincipal(SecurityAssociation.getPrincipal());
+ ctx.setPrincipal(mi.getPrincipal());
try
{
@@ -249,21 +259,21 @@
} catch (RemoteException e)
{
// Discard instance
- container.getInstanceCache().remove(mi.getId());
+ cache.remove(methodID);
ctx = null;
throw e;
} catch (RuntimeException e)
{
// Discard instance
- container.getInstanceCache().remove(mi.getId());
+ cache.remove(methodID);
ctx = null;
throw e;
} catch (Error e)
{
// Discard instance
- container.getInstanceCache().remove(mi.getId());
+ cache.remove(methodID);
ctx = null;
throw e;
@@ -283,7 +293,7 @@
if (ctx.getId() == null)
{
// Remove from cache
- container.getInstanceCache().remove(mi.getId());
+ cache.remove(methodID);
}
}
finally
_______________________________________________
Jboss-development mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/jboss-development
